| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Feb 2009 09:06:17 -0800 From: Nishanth Aravamudan <nacc@...ibm.com> To: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com> Cc: Ravikiran G Thirumalai <kiran@...lex86.org>, wli@...ementarian.org, Andrew Morton <akpm@...ux-foundation.org>, linux-kernel@...r.kernel.org, linux-mm@...ck.org, shai@...lex86.org, Mel Gorman <mel@....ul.ie> Subject: Re: [patch] mm: Fix SHM_HUGETLB to work with users in hugetlb_shm_group On 05.02.2009 [11:03:09 +0900], KOSAKI Motohiro wrote: > (cc to Mel and Nishanth) > > I think this requirement is reasonable. but I also hope Mel or Nishanth > review this. > > > <<intentionally full quote>> > > > On Wed, Feb 04, 2009 at 05:11:21PM -0500, wli@...ementarian.org wrote: > > >On Wed, Feb 04, 2009 at 02:04:28PM -0800, Ravikiran G Thirumalai wrote: > > >> ... > > >> As I see it we have the following options to fix this inconsistency: > > >> 1. Do not depend on RLIMIT_MEMLOCK for hugetlb shm mappings. If a user > > >> has CAP_IPC_LOCK or if user belongs to /proc/sys/vm/hugetlb_shm_group, > > >> he should be able to use shm memory according to shmmax and shmall OR > > >> 2. Update the hugetlbpage documentation to mention the resource limit based > > >> limitation, and remove the useless /proc/sys/vm/hugetlb_shm_group sysctl > > >> Which one is better? I am leaning towards 1. and have a patch ready for 1. > > >> but I might be missing some historical reason for using RLIMIT_MEMLOCK with > > >> SHM_HUGETLB. > > > > > >We should do (1) because the hugetlb_shm_group and CAP_IPC_LOCK bits > > >should both continue to work as they did prior to RLIMIT_MEMLOCK -based > > >management of hugetlb. Please make sure the new RLIMIT_MEMLOCK -based > > >management still enables hugetlb shm when hugetlb_shm_group and > > >CAP_IPC_LOCK don't apply. > > > > > > > OK, here's the patch. > > > > Thanks, > > Kiran > > > > > > Fix hugetlb subsystem so that non root users belonging to hugetlb_shm_group > > can actually allocate hugetlb backed shm. > > > > Currently non root users cannot even map one large page using SHM_HUGETLB > > when they belong to the gid in /proc/sys/vm/hugetlb_shm_group. > > This is because allocation size is verified against RLIMIT_MEMLOCK resource > > limit even if the user belongs to hugetlb_shm_group. > > > > This patch > > 1. Fixes hugetlb subsystem so that users with CAP_IPC_LOCK and users > > belonging to hugetlb_shm_group don't need to be restricted with > > RLIMIT_MEMLOCK resource limits > > 2. If a user has sufficient memlock limit he can still allocate the hugetlb > > shm segment. > > > > Signed-off-by: Ravikiran Thirumalai <kiran@...lex86.org> Seems reasonable. Acked-by: Nishanth Aravamudan <nacc@...ibm.com> Thanks, Nish -- Nishanth Aravamudan <nacc@...ibm.com> IBM Linux Technology Center -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists